We’re losing the battle against fraudsters who are stealing or guessing our usernames along with passwords with increasing success. So could analysing the quirky ways we use our devices – even the way we walk – provide an extra line of defence?
These days you can’t walk down a busy street without bumping into smartphone zombies oblivious to the globe around them.
although little do they know in which the way they walk, hold along with interact with their mesmeric devices could be telling service providers exactly who they are.
This particular is usually the amazing brand-new world of behavioural biometrics, the latest front within the cyber-security war.
“By using the accelerometers along with gyroscopes in your phone we can gauge your wrist strength, your gait, along with we can tell you apart via most different people which has a one in 20,000 accuracy – roughly equivalent to the accuracy of a fingerprint,” says Zia Hayat, chief executive of Callsign, a behavioural biometrics firm.
So even if a fraudster has stolen your bank log-in details or downloaded malware onto your phone, such behavioural software should be able to spot in which the idea’s not definitely you trying to make in which money transfer to a foreign bank.
These behavioural idiosyncrasies are as unique as our voices, tech firms say. This particular is usually why Morse code operators could be identified simply by the individual way they tapped out messages.
Eyal Goldwerger, chief executive of BioCatch, another behavioural biometrics company, says: “Authentication is usually all well along with not bad although if fraudsters are already inside your system the idea’s no use. Most instances of banking fraud occur after user authentication has taken place.”
The way humans interact with devices is usually very different to the way malware operates, so even if your phone is usually infected, lying in wait for you to log in before hi-jacking your secure transaction, behavioural biometrics should be able to spot the difference.
“If the phone isn’t moving although is usually being operated, you might assume malware is usually working the idea,” says Mr Hayat.
“We can even measure air pressure using the barometer on the latest smartphones, which can give us another indication of where the phone is usually along with whether in which corresponds to where the user says he is usually.”
Even the size of your fingers – how much surface is usually covered when you tap on the screen – can help build up a pretty accurate signature profile, he says.
Perhaps understandably, the idea is usually banks who are most interested in This particular brand-new extra layer of security – Callsign lists Lloyds Banking Group along with Deutsche Bank among its customers.
Such behavioural specialists, including firms such as Behaviosec, NuData Security, along with Zighra, are also partnering with cyber-security companies in which specialise in managing identities.
Callsign’s technology integrates with ForgeRock’s ID management platform, for example.
“We’re moving to a password-less world,” says ForgeRock chief executive Mike Ellis. “So these days we need multiple layers of authentication, along with behavioural biometrics is usually one of those layers.
“Identifying the device, its geo-location, along with typical behaviour is usually another layer.”
More banks are rolling out voice authentication as a more secure along with less intrusive way for customers to establish their identity.
“[With the help of] neural networks along with machine learning, authentication accuracy has risen via 98% to 99%,” says Brett Beranek, director of product strategy at Nuance, a voice biometrics specialist.
although even he acknowledges the need for another layer of post-authentication behavioural security to protect users against malware-infected phones.
As well as physical behaviours, such as the speed with which we type along with swipe, there are psychological ones, too, says Mr Goldwerger – the choices we make unconsciously when navigating a web page, for example.
“The way you decide to scroll down a page – using the mouse scroll wheel or clicking on the webpage sidebar along with dragging – can be indicative in which This particular is usually you accessing the website along with not somebody else,” he says.
BioCatch says the idea measures more than 500 parameters when a user interacts which has a digital device.
Using machine-learning techniques, the company says the idea can build a unique profile of a user’s behavioural idiosyncrasies after just 10 minutes of interaction.
although behavioural biometrics are not intended to replace existing biometric authentication methods, such as voice, fingerprint or selfie, although to complement them, says Mr Goldwerger.
The advantage of This particular type of security is usually in which “everything we do is usually seamless along with frictionless – the idea all happens within the background without the user knowing,” he says.
The software can spot suspicious activity about 98% of the time, he adds.
although what about privacy? If companies like This particular can know who I am simply by monitoring my online behaviour, is usually anonymity a thing of the past?
Could what began out as a way to find terrorists hiding behind encrypted communications become a way to identify us all, whether we like the idea or not?
Mr Goldwerger insists in which BioCatch technology does not see any user’s personally identifiable information along with the client – usually a bank – doesn’t get to see the anonymised behaviour profile BioCatch produces.
“All the bank sees is usually a risk score for in which user session, along with all we see is usually an ID number associated with in which person,” he says.
Callsign’s Zia Hayat says his company does the same thing, principally to comply with existing data protection legislation.
although what if a fraudster steals someone else’s identity along with sets up a brand-new account via scratch? Behavioural biometrics won’t be any use surely if there’s no previous user behaviour to compare the idea with?
BioCatch, which has partnered with credit reference agency Experian, thinks in which even in This particular situation behavioural analysis can help.
“Fraudsters will be less familiar along with fluent with the data they’re asked to produce because the idea’s not theirs,” says Mr Goldwerger.
“We can spot in which, along with we can notice the different way they fill in application forms because they do the idea so often.”
- Follow Technology of Business editor Matthew Wall on Twitter along with Facebook
- Click here for more Technology of Business features